CVE-2021-21485

Summary

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for JAVA (Telnet Commands)ENGINEAPI 7.30, 7.31, 7.40, 7.50affected
SAP SESAP NetWeaver AS for JAVA (Telnet Commands)ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50affected
SAP SESAP NetWeaver AS for JAVA (Telnet Commands)SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50affected
SAP SESAP NetWeaver AS for JAVA (Telnet Commands)J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References